IdentityServer needs an asymmetric key pair to sign and validate JWTs.
This keypair can be a certificate/private key combination or raw RSA keys.
In any case it must support RSA with SHA256.

Loading of signing key and the corresponding validation part is done by implementations of ISigningCredentialStore and IValidationKeysStore.
If you want to customize the loading of the keys, you can implement those interfaces and register them with DI.

The DI builder extensions has a couple of convenience methods to set signing and validation keys - see here.